"Anyone rushing a patch like this could very easily make a mistake," Reed says.
Now Apple may have to reissue the "root" patch yet again, says MalwareBytes' Reed.
The first version of Apple's patch broke some file-sharing functions on High Sierra, requiring Apple to put out a second version. Another facepalm-worthy bug displayed the user's password as a password hint when someone tries to unlock an encrypted partition on their machine known as an APFS container.Įven the fix for this week's "root" bug has already hit snafus before this more serious one presented itself. And even before that most recent bug blowup, researchers had already shown-on the day of the operating system's launch no less-that malicious code running on the operating system could steal the contents of its keychain without a password. Apple had already issued a rare apology for the "root" security flaw, writing that its "customers deserve better" and promising to audit its development practices to prevent similar bugs in the future. And worse, two of those Mac users say they've also tried re-installing Apple's security patch after that upgrade, only to find that the "root" problem still persists until they reboot their computer, with no warning that a reboot is necessary.īut the shoddiness of Apple's patch joins a disturbing pattern of security missteps in High Sierra's code.
Malwarebytes for mac high sierra install#
Those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the "root" bug reappears when they install the most recent macOS system update. Apple's initial patch came out about a 18 hours after the bug was first reported.īut now multiple Mac users have confirmed to WIRED that Apple's fix for that problem has a serious glitch of its own.
Malwarebytes for mac high sierra update#
Except, perhaps, when that patch is so rushed that it's nearly as buggy as the code it was designed to fix.Įarlier this week, Apple scrambled to push out a software update for macOS High Sierra, to sew up a glaring hole in the operating system's security measures: When any person or malicious program tried to log into a Mac computer, install software, or change settings, and thus hit a prompt for a username and password, they could simply enter "root" as a username, no password, and bypass the prompt to gain full access to the computer. When a company like Apple rushes out a software patch for a critical security bug, it deserves praise for protecting its customers quickly.
0 kommentar(er)
